diff --git a/docs/developer/aws-k3d-script.md b/docs/developer/aws-k3d-script.md
index b5034023f341a406a9a2030dfb918827577c12e6..1037fedab682f4853c307c9d35362ef317304d00 100644
--- a/docs/developer/aws-k3d-script.md
+++ b/docs/developer/aws-k3d-script.md
@@ -51,6 +51,7 @@ k3d-dev.sh -b -p -m -d -h
  -b   use big M5 instance. Default is t3.2xlarge
  -p   use private IP for security group and k3d cluster
  -m   create k3d cluster with metalLB
+ -a   attach secondary Public IP (overrides -p and -m flags)
  -d   destroy related AWS resources
  -h   output help
 ```
@@ -106,6 +107,10 @@ Overrides can be supplemented by adding references to the specific yaml file, th
 -f ../other-overrides.yaml
 ```
 
+## Testing Keycloak
+
+Refer to this [documentation](package-integration/sso.md#Prerequisites) for various options for testing Keycloak which requires two ingresses on the same EC2 instance.
+
 ## Troubleshooting
 
 1. If you are on a Mac insure that you have GNU sed command installed. Otherwise you will see this error and the kubeconfig will not be updated with the IP from the instance.
diff --git a/docs/developer/package-integration/sso.md b/docs/developer/package-integration/sso.md
index c641e84cbeb2b07ed551a55f1f17a55b6f6f2c8f..3b427a495c6ca61da315e951b5cf306f1d9533b0 100644
--- a/docs/developer/package-integration/sso.md
+++ b/docs/developer/package-integration/sso.md
@@ -4,7 +4,7 @@ Big Bang has configuration for Single Sign-On (SSO) authentication using an iden
 
 ## Prerequisites
 
-The development environment can be set up in one of two ways: 
+The development environment can be set up in one of three ways: 
 1. Two k3d clusters with keycloak in one cluster and Big Bang and all other apps in the second cluster (see [this quick start guide](../../guides/deployment-scenarios/sso-quickstart.md) for more information)
 2. One k3d cluster using MetalLB to have Keycloak, Big Bang, and all other apps in the one cluster (see [this example config](../../assets/configs/example/keycloak-dev-values.yaml) for more information)
 3. Use a single K3D cluster with two Public IP addresses and the `-a` option on the `k3d-dev.sh` script.  This will provision two Elastic IPs, MetalLB, and two specialized `k3d-proxy` containers for connecting the Elastic IPs to the MetalLB IPs.  This allows for both a Public and Passthrough Istio Gateway to work simultaneously, specifically to allow for x509 mTLS authentication with Keycloak.  Keep in mind that `keycloak.bigbang.dev` will need to point to the Secondary IP in your `/etc/hosts` file.  The `k3d-dev.sh` script will inform you of this and return the SecondaryIP.